Red Hat Bugzilla – Bug 150234
Cookie leak in squid
Last modified: 2014-08-31 19:27:15 EDT
+++ This bug was initially created as a clone of Bug #150232 +++
A race window has been discovered where Set-Cookie headers may leak to another
users if the requested server relies on the now (since 1997) obsolete Netscape
Set-Cookie specifications in how caches should handle the Set-Cookie header on
otherwise cacheable content.
This issue should also affect FC2.